package com.sanq.product.cab.interceptors;

import com.sanq.product.cab.annotations.AuthorityAnnotation;
import com.sanq.product.cab.exceptions.BusException;
import com.sanq.product.cab.redis.constants.BusCode;
import org.springframework.web.method.HandlerMethod;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * version: 接口权限拦截
 * ---------------------
 *
 * @author sanq.Yan
 * @date 2020/1/26
 */
public abstract class CheckHasPermissionInterceptor extends BaseInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (handler instanceof HandlerMethod) {

            if (super.preHandle(request, response, handler)) {
                return true;
            }

            HandlerMethod hm = (HandlerMethod) handler;
            AuthorityAnnotation authorityAnnotation = hm.getMethodAnnotation(AuthorityAnnotation.class);

            if (authorityAnnotation == null)
                throw new BusException("权限注解为空，无法进行权限验证： @AuthorityAnnotation");

            String[] urls = authorityAnnotation.url();

            if (!checkThisUrl(request, urls)) {
                throw new BusException("无当前接口权限", BusCode.AUTH_CODE);
            }
            return true;
        }
        return false;
    }


    protected abstract boolean checkThisUrl(HttpServletRequest request, String... url);
}
